General

  • Target

    38d3f5173827b3d7f213cb95de47e2087937eef5c9c3d48caf1dfb9098a063d4

  • Size

    388KB

  • Sample

    220201-jax6saaggj

  • MD5

    83a7ee52acc9f9f728d268acce20d30c

  • SHA1

    35ba05bc81abc4e0471efd47dcb69dc262623409

  • SHA256

    38d3f5173827b3d7f213cb95de47e2087937eef5c9c3d48caf1dfb9098a063d4

  • SHA512

    eb6f3dd0b7ab4ce4e643c0b809de2c6e697ba8d3e2683590c7dccd56223fcc51d4d53faba55d121de8b969ff6f9bf0b5f36cea4163c64155bc9e20c8a27042bb

Malware Config

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks